I am using the Android SDK to login users to my app through social connections (Fitbit). I have followed the quick-start guide, however I am having trouble with reauthenticating users when their access token is expired.
If the token is expired, and I attempt to either call the Auth0 Account object’s logout method (to try and clear cookies) and/or call the login method, it fails with “Error occurred trying to authenticate with the server” (through an Authentication Exception).
Edited to add: the more detailed description of the exception is that “the user closed the browser and the authentication was cancelled”, however the browser is not being closed.
When running the app, what this looks like is the custom browser tab being opened to run the login/out, except instead of getting to the Auth0 login page, it simply says “not found” on the page - plain text, no other information. If I open the link from the custom tab in Chrome proper, it is trying to access the following URL but getting the “not found” message: https://{MY_APPLICATION}.eu.auth0.com/android/{ANDROID_PACKAGE_NAME}/callback - which I set up per the quickstart guide.
Any way of getting around this? Since it then causes my app to quietly fail in the background and not perform as expected for the end user.
Have you had a chance to try out our sample apps at all? I’d be curious to know if the same behavior happens there.
You should be able to mitigate this behavior by using CredentialsManager to save a refresh token in order to renew id/access tokens as they expire. This requires passing an additional offline_access scope in the authorization request. Some more on refresh tokens here.
Hope this helps get you started in the right direction!
Have you had a chance to try out our sample apps at all? I’d be curious to know if the same behavior happens there.
Yes, I tried the Android sample app and was getting the same issue if the token was expired.
You should be able to mitigate this behavior by using CredentialsManager to save a refresh token in order to renew id/access tokens as they expire. This requires passing an additional offline_access scope in the authorization request.
